IEG on Cybercrime - Australian Comments ahead of the stocktaking meeting - Vienna, April 2021

 

Australia thanks the open-ended intergovernmental expert group to conduct a comprehensive study
of the problem of cybercrime (the IEG) for its work in compiling the list of State recommendations
submitted to the IEG over its preceding three meetings in 2018, 2019 and 2020. Australia takes this
opportunity to provide specific comments on selected recommendations (Part 1). We also provide
detailed comments on the broader issue of maintaining a Vienna-based forum for technical
exchange and capacity building (Part 2).

Part 1: Comments on IEG recommendations
General comments
1.       Australia acknowledges and accepts the passage of UNGA Resolution 74/247. During the
discussion of 74/247, Australia, along with many other Member states, reiterated its view that a new
UN convention on cybercrime was not required for States to make progress combatting cybercrime
and its impacts on society. Despite these arguments, the mandate of the Ad Hoc Committee
established by Resolution 74/247 passed by a recorded vote. Following the will of the General
Assembly, Australia will respect the work and mandate of the Ad Hoc Committee, but it is important
that the IEG’s report does not now imply consensus on this issue where none exists. The views of
the many member States which identified the effectiveness of utilising existing instruments,
including the United Nations Convention against Transnational and Organised Crime and the Council
of Europe Budapest Convention on Cybercrime (the Budapest Convention), remain valid and the
passage of 74/247 does not change that.

2.      The nature of cybercrime and State responses continue to evolve rapidly and have done so
across the duration of the IEG’s mandate. It will be important that the report reflect that the
recommendations and conclusions collated for the study provide a snapshot in time against a
background which is continually changing and raising new and difficult issues. Accordingly, the IEG’s
recommendations and conclusions may not necessarily reflect efforts to modernise existing
international instruments, such as the draft Second Additional Protocol to the Budapest Convention.

3.       Australia notes the impact of the COVID-19 pandemic on the 2020 meetings of the IEG and
its outcomes (International Cooperation and Prevention) which prevented discussion of
recommendations by States (in contrast with previous meetings) and instead resulted in a simple list
of every recommendation put forward by a Member State. On this basis, Australia has provided
more detailed comments on conclusions and recommendations submitted at those sessions.

Duplication of issues dealt with under other UN initiatives on Cyberspace and International
Peace and Security
4.       Australia is concerned that several recommendations fall outside the scope of cybercrime
and the criminal misuse of ICTs. Issues related to information and communications technologies in
the context of international peace and security – including the behaviour of States, the application of
existing international law and agreed norms, the protection of critical infrastructure from malicious
cyber activity, and malicious cyber activity conducted by States or their proxies and possible
responses thereto – are duplicative of the discussions among all 193 UN Member States in the UN
First Committee Open Ended Working Group, which concluded its report on 12 May; the new 5-year
Open Ended Working Group, which will begin its work in June, as well as the Groups of
Governmental Experts on Cyber. Australia therefore objects to the inclusion of the following
recommendations on the basis that they relate to matters of international peace and stability and
fall outside the mandate of the IEG and the Third Committee: recommendations 8(f), (h), (m), (ee)(iii)
under International Cooperation and recommendations 9(g), (u), (kk), (ll), (nn), (pp) under
Prevention.

Legislation and frameworks
5.      The critical importance of ensuring legislation and frameworks are contemporary,
technology neutral and appropriately criminalise the underlying conduct must be underscored –
these elements form the basis of a State’s national response to cybercrime and are essential
precursors for international cooperation. As is the case with all criminal laws and legislative
frameworks, careful consideration must be given to ensuring a balanced approach to law
enforcement, human rights and privacy issues, ensuring compliance with member States’ human
rights obligations. Close consultation with civil society, industry and relevant stakeholders is critical in
general, but particularly so in this regard. Public-private partnerships will continue to be essential to
detecting, preventing and obtaining electronic evidence to investigate and prosecute cybercrime.
Given the transnational nature of cybercrime and the need to eliminate safe havens for criminals,
extraterritorial jurisdiction should be applied to cybercrimes, in accordance with international law.

6.       Conclusions should underscore the importance of a ‘system wide’ approach to criminal
justice. Legislation and frameworks for cybercrime must provide for, and be accompanied by,
appropriate powers, procedures, capabilities and capacity across the entire justice system, including
law enforcement, central authorities, prosecutorial authorities, and the judiciary.

7.       Member states should take advantage of existing international frameworks which provide
for effective international cooperation on cybercrime including the Council of Europe Convention on
Cybercrime (Budapest Convention) and the United Nations Convention Against Transnational and
Organised Crime.

8.      Commentary on Australia’s support for continuation of technical and expert exchange,
including through the IEG, is addressed in Part 2, below.

In line with these general comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 4(a), (d), (e), (g), (i), (j), (t), (u).
      • In line with our comments on human rights, privacy, and good governance, Australia also
        supports the intent of recommendation 5(n), currently listed under Criminalization.
      • In line with our comments on contemporary legislative frameworks which are technology
        neutral, Australia also supports the intent of recommendation 6 (j), currently listed under
        Law Enforcement and Investigations.
      • In line with our comments on the benefits of utilising existing international frameworks to
        cooperate on cybercrime, Australia also supports the intent of recommendations 6 (b), (c),
        and (d), currently listed under Law Enforcement and Investigations.

Criminalization
9.       Criminalisation of conduct constituting cybercrime is fundamental to national and
international efforts to combat cybercrime. This should include key offences relating to the
confidentiality, integrity and availability of computer networks and computer data and should take
into account widely recognized international standards. In order to be effective, law enforcement
must be appropriately empowered and equipped to undertake cybercrime investigations. An often
overlooked, but critical aspect of an effective criminal justice response to cybercrime is the
maintenance of appropriate arrangements for obtaining, management and handling, judicial
consideration and international cooperation on electronic forms of evidence.

In line with these comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 5(b), (d), (j), (l).

Law Enforcement and Investigations

10.     The rapid pace and cross-border nature of cybercrime pose challenges for traditional
regulatory and law enforcement approaches. The capacity and capabilities of our agencies,
particularly law enforcement agencies, need to keep pace with evolving technologies if police are to
perform their duties in the digital environment. At the most basic level, all police officers need to
know how to gather and analyse digital evidence, leaving specialist units to focus on more complex
cybercrimes. Specialist units within law enforcement agencies must have the training and
capabilities to detect and investigate the more complex and sophisticated use of technology in
criminal activities.
In line with these comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 6(h), (I), (k), (n).
      • In line with our comments on capacity, capability and specialisation of criminal justice
        agencies to effectively combat cybercrime, Australia also supports the intent of
        recommendations 8(ccc), (ddd).

Electronic Evidence and Criminal Justice
11.        The use of online and cloud computing services has become integral to communication in
daily life. From a criminal justice perspective, this makes them key sources of evidence for
prosecuting both traditional and online crime. However, the successful prosecution of individuals
who commit crimes involving electronic evidence relies on:
      • appropriately skilled and resourced law enforcement agencies and forensic practitioners
        who are able to collect, analyse and present the evidence;
      • a legislative framework that facilitates the collection, presentation and adjudication of
        evidence in the modern era, noting that relevant electronic evidence may be stored beyond
        the jurisdiction of the investigating law enforcement agency, and the nation’s borders
        generally; and
      • appropriately trained prosecutorial, judicial and central authorities that can work efficiently
        and effectively with electronic evidence.
12.     Australia recognises the importance of capacity building, collaboration and international
cooperation, and exchange on trends and best practices for combatting cybercrime. Our views on
the best forum to address this ongoing need are outlined in Part 2 of this paper.
In line with these comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 7(b), (c), (d), (f), (g), (o)(i-vi), o(viii), o(xii-xv), (r), (v).

International cooperation

13.      Australia agrees with recommendations and conclusions advocating that Member States be
encouraged to use international treaties and arrangements already in existence, such as the
Budapest Convention. The Budapest Convention provides a foundational substantive and procedural
legal framework that enhances the ability to combat cybercrime and the collection of electronic
evidence more broadly.

14.      Member States should also be informed of efforts to modernise existing international
treaties, such as the Budapest Convention. Currently, the Budapest Convention Cybercrime
Committee (T-CY) are negotiating the Second Additional Protocol on enhanced cooperation and
disclosure of electronic evidence. This will significantly improve the ability for Parties to both directly
and indirectly obtain electronic evidence to combat all manner of crime types (including cybercrime)
and facilitate more effective international cooperation (such as joint investigations).
Terminology and definitions
15.     Efforts to define ‘cybercrime’ should focus on technology-neutral language to ensure that
the recommendations and conclusions are relevant and accessible to all jurisdictions despite the
constant evolution of technologies.

16.       Australia notes recommendation (8(a) International Cooperation) refers to ‘child
pornography.’ Member States should be encouraged to replace references to ‘child pornography’
with more appropriate alternative terms, such as ‘child sexual abuse material.’ Similarly,
Member States should be encouraged to use alternative terminology such as ‘non-consensual
sharing of intimate images’ in place of references to ‘revenge porn’, as included in recommendation
5(i)(ii).
Capacity building and technical assistance
17.      Recommendations and conclusions should foster international cooperation, confidence
building and trust between countries to ensure that criminal justice practitioners have effective and
efficient ways to detect, prevent, investigate and prosecute cybercrime.

18.      Capacity building and technical assistance are an important feature of international
cooperation and building global resilience – the response to cybercrime is only as strong as our
collective efforts. The need for appropriate capacity building programs, particularly for developing
countries and small island states, is a key theme of conclusions and recommendations across the
IEG’s thematic meetings. Australia strongly supports the UNODC’s role in the provision of capacity
building and expertise on cybercrime, including through its Global Programme on Cybercrime.
Capacity building programs should adopt a system-wide approach and include support for the
development of relevant cybercrime legislation and frameworks.
19.      International efforts should focus on the provision of capacity building and technical
assistance to strengthen the ability of law enforcement authorities to combat cybercrime, especially
child sexual abuse online.

20.     Commentary on Australia’s support for continuation of technical and expert exchange,
including through the IEG, is included in Part 2, below.
Investment in international crime cooperation
21.     Member States should be encouraged to invest in central authorities to ensure effective
international crime cooperation, including by ensuring there is sufficient expertise to respond to
emergency requests and securing the preservation of data to reduce the risks associated with data
loss/volatility. Central authorities should also be supported through mechanisms such as 24/7
networks in law enforcement or specific contact points in central authorities, to ensure mutual legal
assistance can be provided to the widest extent possible.
Domestic procedural frameworks and international cooperation
22.     Government access to data for law enforcement purposes should be supported by
frameworks that ensure the preservation of electronic evidence – such as the preservation
procedural measures of the Budapest Convention. Collective consideration should also be given to
ensure law enforcement and national security agencies lawful access to end-to-end encrypted data
is maintained on messaging platforms, to support the prevention, detection, investigation and
prosecution of criminal offences.

23.    There are many challenges with the current status quo in terms of international
cooperation. Member States should be encouraged to consider how international cooperation can
be improved and made more effective.

24.    Member States should be encouraged to strengthen their own law enforcement capabilities
to combat cybercrime, including through establishing specialised expertise within law enforcement
and prosecutorial authorities to investigate and prosecute cybercrime.
Public and private partnerships
25.     Member States should be encouraged to support the position that criminality on the
internet is not only the responsibility of governments, but also shared with industry. This includes
the need for industry to develop policy, codes and practices in responding to the criminal use of
their networks and services. Broader education efforts will be necessary to give effect to this
position.

26.      Public-private partnerships are critical to detecting, preventing and obtaining electronic
evidence to investigate and prosecute cybercrime. This includes public-private partnerships that
ensure lawful access is maintained to end-to-end encrypted data on messaging platforms.

27.    Member States should be encouraged to engage with domestic and international service
providers that provide services to their jurisdiction, to ensure there is open dialogue around how
Member State authorities can obtain electronic evidence (including through international
cooperation mechanisms such as mutual legal assistance).
In line with the above comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 8 (a), (c), (e), (p), (r), (s), (t), (u), (w), (z), (bb), (hh), (jj), (ll), (pp), (rr), (uu), (aaa), (ggg).
      • In line with our comments on capacity building, Australia also supports the intent of
        recommendation 4(n) under Legislation and Frameworks, 6(e), (f), and (t) under Law
        Enforcement and Investigations.

In line with our general comments, above, Australia could not support the following
recommendations:
      • 8 (f), (h), (m), (ee)(iii).

Prevention
28.     Australia agrees that prevention is not only the responsibility of governments but requires
the participation of all relevant stakeholders, including industry and the public.

29.      Australia supports the recommendations and conclusions regarding the development of
initiatives to better equip the public to protect themselves against cybercrime, including accessible
prevention tools and public awareness campaigns for the safe and legal use of the internet.

30.     Australia supports recommendations to move to a more proactive prevention posture,
including greater and more routine information sharing between Member States on criminal modi
operandi.

31.     Australia supports the development of strategies and measures to ensure prevention keeps
pace with advances in technology, such as the criminal use of anonymising tools. For example,
Australia supports efforts to prevent terrorist and violent extremist use of the internet through
working with governments, industry and civil society.

32.    Australia supports greater sharing of international best practice on effective and successful
prevention of cybercrime (such as through the IEG).

In line with the above comments, Australia strongly supports the intent of the following
recommendations and conclusions:
      • 9(a), (b), (v), (w), (y), (z), (aa), (gg).
      • In line with our comments on public awareness and prevention tools, Australia supports
        recommendation 5(q) under Criminalization.

In line with our general comments, above, Australia could not support the following
recommendations:
      • 9 (g), (u), (kk), (ll), (nn), (pp).

Part 2: The need for an ongoing forum for technical exchange
25.     The original mandate of the Intergovernmental Expert Group on Cybercrime (IEG),
established in UNGA Resolution 65/230, set out a two-pronged mandate for the IEG’s work:
        Requests the Commission on Crime Prevention and Criminal Justice to establish, in line with
        paragraph 42 of the Salvador Declaration, an open-ended intergovernmental expert group, to be
        convened prior to the twentieth session of the Commission, to conduct a comprehensive study of the
        problem of cybercrime and responses to it by Member States, the international community and the
        private sector, including the exchange of information on national legislation, best practices, technical
        assistance and international cooperation, with a view to examining options to strengthen existing and
        to propose new national and international legal or other responses to cybercrime.1

26.       That mandate specified the IEG’s primary objective as the completion of a comprehensive
study of the problem of cybercrime and responses to it by Member States. As part of that mandate,
it also included a request that the IEG facilitate ‘the exchange of information on national legislation,
best practices, technical assistance and international cooperation’, with a view to improving the
international response to cybercrime.

27.      That technical exchange element has been one of the most important and enduring benefits
of the IEG’s work. The IEG forum has enabled states to canvass a range of technical and practical
issues related to combatting cybercrime, encouraged meaningful exchange at a practitioner-level,
and ensured States continue to benefit from the high degree of expertise and experience gathered
in Vienna, as well as the resources of the UNODC and its Global Program on Cybercrime.

28.     To enhance Member States’ ongoing ability to share information, continue practitioner-level
technical engagement and foster technical assistance and capacity building, this element of the IEG’s
work must endure, whether under the auspices of the IEG or in a different format.

Longstanding consensus on the need for ongoing technical exchange
29.     Despite their divergent views on the value of new international instruments, States have
long agreed on the value of the IEG’s technical exchange function as a distinct component of its
broader mandate. As early as the first meeting of the IEG in 2011, a number of States:
        ‘highlighted the importance of technical assistance and information-sharing, both under the auspices
        of a comprehensive international legal instrument and on the basis of more immediate needs and
        means of delivery. It was noted that the same issue was identified as a separate and specific priority
        by the Salvador Declaration’.2

30.     At the second meeting of the IEG in 2013, experts again:
        ‘highlighted the importance of effective ongoing communications between States in order to share
        and address concerns about specific cases and increase understanding of what barriers existed and
        how they could be addressed’.3

31.     The CCPCJ reaffirmed this broad agreement on the value of technical exchange and
capacity-building in its resolution 22/7, when it underlined ‘the need for enhanced coordination and
cooperation among States in combating cybercrime’4. The CCPCJ also confirmed in its resolution
22/8 the ‘broad support for capacity-building and technical assistance and for the role of the UNODC
in that regard’.5

1 A/RES/65/230, OP9.
2 Paragraph 31, UNODC/CCPCJ/EG.4/2017/2.
3 Paragraph 37 CCPCJ/EG.4/2017/3.
4 E/2013/30, p62.

32.     In response to a recommendation of the Doha Declaration, CCPCJ resolution 26/4 extended
the mandate of the IEG and gave it the framework for its current work plan. In so doing, the CCPCJ
specifically highlighted the separate importance of the IEG’s work in facilitating technical exchange
[emphasis added]:
         Requests [the IEG] to continue its work … and also requests the Expert Group to continue to exchange
         information on national legislation, best practices, technical assistance and international cooperation,
         with a view to examining options to strengthen existing responses and propose new national and
         international legal or other responses to cybercrime.6

33.       In subsequent meetings of the IEG, States have repeatedly stressed the need for an ongoing
facility for technical exchange, with at least eight separate recommendations highlighting the need
for ongoing technical exchange and capacity building among States.7

34.     Australia considers the IEG remains a critical forum for experts and practitioners to exchange
information on their experiences and ongoing efforts to combat the ever-increasing threat of
cybercrime, and that such exchange should continue beyond 2021.

Options for ongoing technical exchange
35.     Given the longstanding and widely-held support among States for an ongoing forum for
expert and technical exchange, it is important to consider the most effective way to meet this need.

36.     In Australia’s view, the IEG, as an established body with an existing UNGA mandate, is the
forum best equipped to continue to facilitate international technical exchange. Once the
comprehensive study on cybercrime is complete at the end of 2021, States could easily adapt the
IEG’s mandate to focus solely on technical exchange, capacity building, and the identification and
analysis of trends in cybercrime.

37.     Alternatively, States may prefer to establish a new platform for discussions rather than
adapt an existing one. If so, such a platform could be established as a separate mechanism, process
or forum. As with the IEG, any new forum should be established in Vienna, under the auspices of the
CCPCJ, to ensure States can continue to benefit from the expertise, experience and resources
available in Vienna and in the UNODC. Such an arrangement would ensure States continue to have
meaningful opportunities for technical exchange and capacity building.

38.     It should be stressed that the Ad Hoc Committee (AHC) established by UNGA resolution
74/247 is not a suitable forum to facilitate the kind of technical and expert-led exchange that
currently occurs under the auspices of the IEG, having neither the mandate nor the resources
required. Rather, the AHC’s mandate is limited by the narrow terms of 74/247, to the elaboration of
‘a comprehensive international convention on countering the use of information and
communications technologies for criminal purposes’.8

5 Ibid, p65 (OP1).
6 E/2017/30, p 34 (OP1).
7 See for example recommendations 4(p); 4(q); 5(l); 5(o); 7(i-l); 7(o); 8(rr); and 9(xx) in UNODC/CCPCJ/EG.4/2021/CRP.1.
8 A/RES/74/247, OP2.

39.      In view of the AHC’s status as a subsidiary body of the General Assembly, it would not be
appropriate for the CCPCJ to attribute to the AHC functions which were not within its existing
mandate. In addition, Australia considers matters relating to criminal justice, including cybercrime,
should be dealt with under the auspices of the UN’s Vienna-based institutions, the home of criminal
justice in the UN system. To continue facilitating these essential technical discussions, States must
either make use of the tools already available to them (the IEG) or create new dedicated/tailor-
made/purpose-built ones. Irrespective of the mechanism under which States choose to continue
much needed technical and expert exchange, duplication and overlap with other processes should
be avoided.

Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime

Austria aligns with the EU comments on the future work of the Expert Group. In our national
capacity, we wish to make some additional remarks.

Austria firmly supports the position that the Commission on Crime Prevention and Criminal
Justice (CCPCJ) should renew the mandate of the Expert Group beyond 2021 as a platform for
experts and practitioners in the field of cybercrime to exchange information and best practices.

Whether the IEG is extended in its current form or a new forum for facilitating this expert
exchange is established, future meetings should take place in Vienna, as the hub for
international cooperation in all criminal matters and combatting cybercrime in particular. The
UN seat is host to the necessary expertise and can be considered a repository of knowledge on
the subject.

The CCPCJ should continue to have leadership over the expert-driven forum. The United
Nations Office on Drugs and Crime (UNODC) in Vienna is the right entity to take this work
forward, both in terms of its mandate and its expert knowledge.

Furthermore, we are ready to actively engage in the new process of the Ad Hoc Committee to
elaborate a comprehensive international convention on countering the use of information and
communications technologies for criminal purposes. However, Austria does not hold the view
that the negotiation of a new convention on cybercrime is comparable to the exchange among
experts in the field, which has been made possible through the IEG. A Vienna-based platform
is needed that is separate from the political discussions on cybercrime policies and that allows
practitioners to connect and share practical experiences from around the world.

We look forward to a fruitful discussion on these matters at the seventh meeting of the Expert
Group to Conduct a Comprehensive Study on Cybercrime, which will be held in Vienna,
Austria, from 6 to 8 April 2021.

                         Andromeda-Tower, 11th fl., Donau-City-Str. 6, 1220 Vienna
              Tel.: (+43/1) 263 72 91-0. Fax: (+43/0) 501159-600; E-mail: ovwien@bmeia.gv.at
Canadian Comments on Future Work of the
Intergovernmental Expert Group (IEG) on Cybercrime
Canada agrees with the recommendations made at previous sessions of the Intergovernmental
Expert Group on Cybercrime (IEG) that the IEG should continue its important work. Since its
establishment in 2011, the IEG has proven to be an invaluable forum to advance our shared
interest of combatting cybercrime at a time when individuals and groups are increasingly using
the internet to commit criminal acts. And now, more than ever, the United Nations needs a
forum for experts to exchange information and experiences, and collaborate, including on the
development of best practices, emerging criminal phenomena, the identification of impediments
to the investigation and prosecution of cybercrime, and the development of prevention and
capacity building strategies. Canada agrees that the Commission on Crime Prevention and
Criminal Justice (CCPCJ) should extend the mandate of the IEG beyond 2021 (recommendation
IV A8rr).

Canada agrees that the IEG mandate needs to be revised bearing in mind the role of the open-
ended ad hoc committee to elaborate a comprehensive international convention on cybercrime
that was established in 2019 by United Nations General Assembly (UNGA) resolution
A/RES/74/173. However, during that same session in 2019, UNGA also recognized the
importance of the IEG as “an important platform for the exchange of information on national
legislation, best practices, technical assistance and international cooperation with a view to
examining options to strengthen existing responses and to propose new national and
international legal or other responses for cybercrime” (A/RES/74/173). Therefore, bearing in
mind these two resolutions, the IEG should continue to serve as a non-political forum for
information exchange and to inform the negotiation process. Cybercrime and the challenges
presented by electronic evidence are complex issues that need to be discussed by experts in a
specific, focused forum. The IEG has already made significant strides in a number of important
areas that are globally recognized as priorities in the fight against cybercrime, including bringing
domestic legislation in-line with international standards, and has resulted in innovative capacity
building initiatives.

As suggested in recommendation II A4p, the IEG could continue to serve “as a platform for the
exchange of information and best practices, including model laws or model clauses, relating to
such issues as jurisdiction, special investigative techniques, electronic evidence, including
challenges posed by the volatile nature of electronic evidence and its admissibility in court, and
international cooperation”. Canada would also be interested in the IEG being mandated to
conduct a regular assessment of cybercrime trends (II A4r, II B5o and III B7k) and assisting in
drawing on best practices in existing instruments.

Should the IEG no longer be in a position to continue to perform its mandate, Member States
must consider an alternative forum for expert exchange with the UN Office on Drugs and Crime
(UNODC) facilitating and the CCPCJ guiding the work.

The Permanent Mission of Canada is pleased to respond to the “Compilation of all
preliminary conclusions and recommendations suggested by Member States during the
meetings of the Expert Group to Conduct a Comprehensive Study on Cybercrime held in 2018,
2019 and 2020.” Canada greatly appreciates the opportunity to provide feedback on the
preliminary conclusions and recommendations. Canada extends its compliments to the IEG
on the work undertaken to develop these recommendations and would like to highlight, in
particular, the recommendations listed below as those that Canada finds particularly
important and proposes including in the final submission to the Commission on Crime
Prevention and Criminal Justice. Canada would also like to emphasize, once again, that
Canada supports the IEG’s continuation.

                                 I. Legislation and Frameworks

Recommendations:

       Member States should pursue international cooperation without requiring full
harmonization of national legislation, provided that the underlying conduct is criminalized and
laws are sufficiently compatible to simplify and expedite the various forms of such cooperation
(II A4(d)).

       Member States should ensure that their legislative provisions withstand the test of time
with regard to future developments in technology by enacting laws with formulations that are
technologically neutral and criminalize the activity deemed illegal instead of the means used
(part of II A4(a)).

        To ensure that relevant issues are properly considered, Member States should consult
all relevant stakeholders, including intergovernmental stakeholders, the private sector and civil
society, as early as possible when the decision is made to introduce cybercrime legislation (II
A4(i)).

       Effective development, enactment and implementation of national legislation to
counter cybercrime should be backed up by capacity-building measures and technical
assistance programs. Member States should allocate appropriate resources for domestic
capacity-building (part of II A4(l)).

      Member States should use and/or join existing multilateral legal instruments on
cybercrime such as the Council of Europe Convention on Cybercrime (Budapest Convention), as
they are considered by many States to be best practice models guiding appropriate domestic
and international responses to cybercrime (II A4(t)).

      Existing legal instruments and mechanisms, including the United Nations Convention
against Transnational Organized Crime, should be taken advantage of by as many States as
possible to strengthen international cooperation (II A4(u)).

                                        II. Criminalization

Recommendations:

        Member States should adopt and apply domestic legislation to criminalize cybercrime
conduct and to grant law enforcement authorities procedural authority to investigate alleged
crimes consistent with due process guarantees, privacy interests, civil liberties and human
rights (II B5(b)).

      Member States should criminalize core cybercrime offences that affect the
confidentiality, integrity and availability of computer networks and computer data, taking into
account widely recognized international standards (II B5(d)).

       Member States should avoid criminalizing a broad range of activities by Internet service
providers (ISPs), especially where such regulations may improperly limit legitimate speech and
the expression of ideas and beliefs. Member States should instead work with ISPs and the
private sector to strengthen cooperation with law enforcement authorities, noting in particular
that most ISPs have a vested interest in ensuring that their platforms are not abused by criminal
actors (II B5(i)).

       In effectively addressing cybercrime, Member States should take into consideration
existing human rights frameworks, in particular as regards freedom of expression and the right
to privacy, and should uphold the principles of legality, necessity and proportionality in criminal
proceedings relating to the fight against cybercrime (II B5(n));

        Member States should adopt and implement domestic legal evidence frameworks to
permit the admission of electronic evidence in criminal investigations and prosecutions,
including the appropriate sharing of electronic evidence with foreign law enforcement partners
(II B5(j)).

      Member States should identify trends in the activities underlying cybercrime through
research and should further evaluate the possibility and feasibility of mandating the Expert
Group or UNODC to conduct and make available on an annual basis, with substantive
contributions by Member States, an assessment of cybercrime trends (II B5(o)).

                            III. Law Enforcement and Investigations

Recommendations:

       Member States should continue to use and/or join existing multilateral legal
instruments on cybercrime such as the Budapest Convention, which is considered by many
States to be the most relevant guide for developing appropriate domestic legislation – of both a
substantive and procedural nature – on cybercrime and facilitating international cooperation to
combat such crime (part of III A6(b)).

      Given that cybercrime requires medium- and long-term law enforcement strategies to
disrupt cybercrime markets, including cooperation with international partners, those strategies
should be proactive and preferably target organized cybercriminal groups, which may have
members in numerous countries (III A6(i)).

       Domestic procedural laws must keep pace with technological advances and ensure that
law enforcement authorities are adequately equipped to combat online crime. Relevant laws
should be drafted taking into account applicable technical concepts and the practical needs of
cybercrime investigators, consistent with due process guarantees, privacy interests, civil
liberties and human rights, and safeguards ensuring judicial oversight. Moreover, Member
States should devote resources to enacting domestic legislation that authorizes:
        (i) Requests for the expedited preservation of computer data to the person in control of
        the data – that is, Internet and communications service providers – to keep and
        maintain the integrity of those data for a specified period of time owing to their
        potential volatility;
        (ii) The search and seizure of stored data from digital devices, which are often the most
        relevant evidence of an electronic crime;
        (iii) Orders to produce computer data that may have less privacy protection, such as
        traffic data and subscriber data;
        (iv) The real-time collection of traffic data and content in appropriate cases;
        (v) International cooperation by domestic law enforcement authorities (III A6(k));

       As cybercrime investigations require creativity, technical acumen and joint efforts
between prosecutors and the police, countries should encourage close cooperation between
public prosecutors and the police at an early stage in an investigation in order to develop
sufficient evidence to bring charges against identified subjects (III A6(l)).

        Member States should take measures to encourage Internet service providers to play a
role in preventing cybercrime and supporting law enforcement and investigation activities,
including by establishing in their domestic legislation relevant provisions on the obligations of
those service providers, and clearly define the scope and boundary of such obligations in order
to protect the legitimate rights and interests of service providers (III A6(r));

       In view of the transnational nature of cybercrime and the fact that the large majority of
global cybercrimes are committed by organized groups, Member States should also make
greater use of the United Nations Convention against Transnational Organized Crime to
facilitate the sharing of information and evidence for criminal investigations relating to
cybercrime (III A6(c)).

                          IV. Electronic Evidence and Criminal Justice

Recommendations:

       The admissibility of electronic evidence should not depend on whether evidence was
collected from outside a country’s jurisdiction, provided that the reliability of the evidence is
not impaired and the evidence is lawfully collected, for example, pursuant to a mutual legal
assistance or multilateral treaty or in cooperation with the country that has jurisdiction (III
B7(f)).

      Member States should foster capacity-building in order to improve investigations,
increase understanding of cybercrime and the equipment and technologies available to fight it
and enable prosecutors, judges and central national authorities to appropriately prosecute and
adjudicate on such crime (III B7(c)).

       Member States should foster efforts to build the capacity of central authorities involved
in international cooperation on requirements and procedures relating to mutual legal
assistance, including by providing training on the drafting of comprehensive requests with
sufficient information for obtaining electronic evidence (III B7(d)).

        Member States should consider the “prosecution team” approach, which combines the
skills and resources of various agencies, bringing together prosecutors, investigative agents and
forensic analysts to conduct investigations. That approach allows prosecutors to handle and
present electronic evidence (III B7(e)).

      Member States should pursue action to enhance cooperation in gathering electronic
evidence, including the following:
       (i) Sharing of information on cybercrime threats;
       (ii) Sharing of information on organized cybercriminal groups, including the techniques
       and methodology they use;
       (iii) Fostering of enhanced cooperation and coordination among law enforcement
       agencies and prosecutors;
       (iv) Sharing of national strategies and initiatives to tackle cybercrime, including national
       legislation and procedures to bring cybercriminals to justice;
       (v) Sharing of best practices and experiences related to the cross-border investigation of
       cybercrime;
       (vi) Development of a network of contact points between law enforcement authorities;
       (viii) Holding of workshops and seminars to strengthen the capacity of law enforcement
       authorities and judicial authorities for drafting requests, in the context of mutual legal
       assistance treaties, to collect evidence in matters related to cybercrime;
       (xiii) Strengthening of the technical and legal capacities of law enforcement agencies,
       judges and prosecutors through capacity-building and skill development programs;
       (xv) Holding of workshops and seminars to raise awareness of best practices in
       addressing cybercrime (part of III B7(o)).

       Some judges are unfamiliar with digital evidence and as a result, this type of evidence is
often subject to higher standards with regard to authentication and admission. However,
consideration should be given to the fact that there is no practical reason to impose higher
standards in relation to the integrity of digital evidence in contrast to traditional
evidence. Digital evidence is no more likely to be altered or fabricated than other evidence.
Indeed, it is arguably harder to alter or fabricate digital evidence because various mathematical
algorithms, such as “hash values,” can be used to authenticate or provide evidence of an
alteration (III B7(r)).

                                 V. International Cooperation

Recommendations:

       With regard to international cooperation mechanisms, States were encouraged to
accede to and/or use, in the absence of a bilateral mutual legal assistance treaty, existing
multilateral treaties such as the United Nations Convention against Transnational Organized
Crime and the Council of Europe Convention on Cybercrime that provide a legal basis for
mutual legal assistance. In the absence of a treaty, States may ask another State for
cooperation on the basis of the reciprocity principle; the Council of Europe Convention on
Cybercrime should also be used as a standard for capacity-building and technical assistance
worldwide (part of IV A8(b)).

 International cooperation to combat cybercrime should also take into account gender- and
age-sensitive approaches and the needs of vulnerable groups (IV A8(l)).

      The efficiency of international cooperation should be improved by establishing rapid
response mechanisms for international cooperation, as well as channels of communication
through liaison officers and information technology systems between national authorities for
the cross-border collection of evidence and online transfer of electronic evidence (IV A8(e));

       Investment in or the establishment of a strong central authority for international
cooperation in criminal matters to ensure the effectiveness of cooperation mechanisms
involving cybercrime is recommended. It is also recommended that specific units be
established to investigate cybercrime and that preservation requests by another State be
addressed through a 24/7 network to preserve the required data as quickly as possible.
Increased understanding of the information needed for a successful mutual legal assistance
request may assist in obtaining the data more quickly (IV A8(hh)).

       Member States should also consider establishing separate cybercrime units within
central authorities for mutual legal assistance as a base of expertise in the complex area of
international cooperation. Such specialized units not only provide benefit in the day-to-day
practice of mutual legal assistance, but also allow for focused capacity-building assistance such
as training to address the needs of domestic and foreign authorities on how to obtain mutual
legal assistance involving electronic evidence quickly and efficiently in cyber-related matters (IV
A8(ddd)).

       Member States should consider maintaining electronic databases that facilitate access
to statistics relating to incoming and outgoing requests for mutual legal assistance involving
electronic evidence, to ensure that reviews of efficiency and effectiveness are in place (IV
A8(eee));

      UNODC has developed the Mutual Legal Assistance Request Writer Tool to assist
criminal justice practitioners in drafting mutual legal assistance requests. The Office has also
developed the Practical Guide for Requesting Electronic Evidence Across Borders, available on
request to government practitioners in Member States. Countries may benefit from employing
those key tools developed by UNODC (IV A8(qq)).

       Countries are called upon to join, make wider use of and strengthen authorized
networks of practitioners to preserve and exchange admissible electronic evidence, including
24/7 networks, specialized networks on cybercrime and INTERPOL channels for prompt police-
to-police cooperation, as well as networking with strategically aligned partners, with a view to
sharing data on cybercrime matters and enabling rapid responses and minimizing loss of critical
evidence. The use of police-to-police cooperation and other methods of informal cooperation
before using mutual legal assistance channels was also recommended (IV A8(t)).

      Each State should set up a genuine 24/7 point of contact, accompanied by appropriate
resources, to facilitate the preservation of digital data alongside traditional international
mutual assistance in criminal matters, drawing on the successful model of data freezing under
the Council of Europe Convention on Cybercrime (IV A8(u)).

      The Commission on Crime Prevention and Criminal Justice should consider extending
the workplan of the Expert Group beyond 2021 as a forum for practitioners to exchange
information on cybercrime (IV A8(rr)).

       Some speakers recommended that the Commission on Crime Prevention and Criminal
Justice should renew the mandate of the Expert Group and decide upon a workplan beyond
2021, which should also include emerging forms of cybercrime and the examination of issues
related to online sexual abuse and exploitation of children (IV A8(uu)).

      Beyond domestic laws, international cooperation on cybercrime relies on both formal,
treaty-based cooperation and traditional police-to-police assistance. When debating a new
instrument on cybercrime, it is important that countries remember that a new instrument
should not conflict with existing instruments, which already enable international cooperation
for many. Thus, countries should ensure that any new instrument on cybercrime avoids conflict
with existing treaties (IV A8(ll)).

       Sustainable capacity-building and technical assistance to increase capabilities across
operational areas and strengthen the capacity of national authorities to respond to cybercrime
should be prioritized and increased, including through networking, joint meetings and training,
the sharing of best practices, training materials, and templates for cooperation. Such capacity-
building and training should include highly specialized training for practitioners that promotes,
in particular, the participation of female experts, and should address the needs of legislators
and policymakers to better handle issues of data retention for law enforcement purposes. The
capacity-building and training should also be focused on improving the abilities of law
enforcement authorities, investigators and analysts in forensics, in the use of open source data
for investigations and in the chain of custody for electronic evidence, as well as in collecting and
sharing electronic evidence abroad. Another focus of the capacity-building and training should
be on improving the abilities of judges, prosecutors, central authorities and lawyers to
effectively adjudicate and deal with relevant cases (IV A8(mm));

                                          VI. Prevention

Recommendations:

       When preventing and combating cybercrime, States should pay special attention to the
issues of preventing and eradicating gender-based violence, in particular, violence against
women and girls, and hate crimes (IV B9(e));

      Cybersecurity practices are distinct from efforts to combat cybercrime. States should
develop both a national cybercrime strategy, including national legislation or policy for
cybercrime prevention, and a national cybersecurity strategy. Focus areas for national
cybercrime strategies should include cybercrime prevention, public-private partnerships,
criminal justice capacity and awareness-raising through published court decisions (IV B9(w)).

       Public-private partnerships, including cooperation with cybersecurity stakeholders and
technology companies on information-sharing, are needed to prevent and combat cybercrime
(IV B9(i)).

       “Criminal justice capacity” should be another area of focus in national cybercrime
strategies. Assistance to developing countries should be a priority in order to strengthen law
enforcement capacity in preventing cybercrime (IV B9(z)).

      Member States should avail themselves of capacity-building assistance from the UNODC
Global Program on Cybercrime and other initiatives, including the Council of Europe Global
Action on Cybercrime Extended programmes (IV B9(aa)).

       States should undertake surveys to measure the impact of cybercrime on businesses,
including measures implemented, employee training, types of cyberincidents that affect them
and the costs associated with recovering from and preventing cyberincidents (IV B9(cc)).

       States should involve female experts in the prevention and investigation of cybercrime
(IV B9(qq));

     Efforts in the development of strategies for cybercrime prevention should also take into
account the protection of human rights (IV B9(y)).

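Annex

        China's Written Comments for the Seventh Meeting of the
        United Nations Intergovernmental Expert Group on Cybercrime

     I. General comments
     China supports and welcomes the discussions on substantive cybercrime issues that the
Expert Group has held under its 2018-2021 workplan. On the basis of the discussions at the
fourth to sixth meetings of the Expert Group, the Secretariat compiled the preliminary
conclusions and recommendations. These recommendations comprehensively reflect the views
and measures that States, proceeding from different national conditions, legal systems and
cultural backgrounds, have adopted to prevent, respond to and combat cybercrime. They help
States to exchange with and learn from one another, and they help to strengthen international
cooperation against cybercrime.
     Owing to the meeting format, travel restrictions and other reasons, it will be a great
challenge for the Expert Group to discuss the compiled conclusions and recommendations in
depth and to adopt them. The seventh meeting should adjust its expectations for the outcome
of the meeting in light of the new circumstances. If the parties cannot reach agreement on the
conclusions and recommendations and adopt them at the seventh meeting, consideration could
be given to submitting the compilation prepared by the Secretariat directly to the Commission
on Crime Prevention and Criminal Justice as the outcome of the Expert Group's work. We
believe that such a compilation would also be of significant reference value to the Commission
and to States.
     At its seventy-fourth session, the General Assembly adopted resolution 74/247, which
mandates the establishment of an ad hoc intergovernmental committee to draft a global
convention on combating cybercrime. This offers States a valuable opportunity to strengthen
cooperation and build a global network for combating cybercrime. States should actively
participate in and support the negotiation process and promote the elaboration, within the
United Nations, of a global convention on combating cybercrime that is inclusive and open and
in which all parties participate.
     On issues relating to cybercrime, China wishes to reiterate and emphasize the following: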
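     (1) Legislation and frameworks
     1. At the domestic level, States should, in view of the rapid development of network and
digital technologies and the rapid evolution of the means used to commit cybercrime,
strengthen relevant policies and legislation so as to provide legal safeguards for preventing
cybercrime and strengthening the fight against it.
     2. At the international level, the international community should attach great importance
to the common challenge of cybercrime and actively engage in international cooperation
against cybercrime. While making good use of existing multilateral and bilateral cooperation
mechanisms and regional platforms for combating cybercrime, it should work together to have
the ad hoc committee on a United Nations convention on combating cybercrime begin
substantive negotiations as soon as possible, so as to provide a legal framework for
strengthening the fight against cybercrime worldwide.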
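     (2) Criminalization
     1. Strengthen cooperation on the criminalization of core cybercrime conduct. Cybercrime
conduct that is of common concern to States and on which consensus can be reached may first
be brought within the scope of international cooperation, with additions made continuously in
the light of practice. For cybercrimes on which general consensus cannot be reached,
assistance may still be provided in accordance with the general principles of international
cooperation.
     2. In line with current trends in cybercrime, appropriately expand the scope of
cybercrime. Offences involving the use of the Internet for terrorist purposes; the use of
networks for gambling, fraud, firearms trafficking, child pornography and other crimes;
providing technical support or assistance for the commission of cybercrime by others; and
setting up illegal online platforms for the purpose of committing crime should also be
criminalized. In addition, the use of networks to incite hate crimes should be criminalized,
including using the Internet to incite violence or ethnic hatred, abetting or inducing the
commission of serious violent crime, and fabricating false information and deliberately
spreading it online, thereby endangering public security and social order.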
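     (3) Law enforcement and investigations
     1. States should attach importance to strengthening investigation and law enforcement in
respect of acts of assistance and acts of preparation, in order to respond to the growing trend
of cybercrime being organized as a chain of linked activities.
     2. States should discuss the impact of cloud computing, the dark web, cryptocurrencies,
the Internet of Things and similar developments on cybercrime law enforcement and
investigation, and jointly study feasible responses.
     3. States are encouraged to establish clearly, through legislation, the obligations of
network service providers to cooperate in preventing cybercrime and to assist law enforcement
and investigation. For example, network service providers are encouraged to adopt technical
measures and other necessary measures to prevent cybercrime, and to formulate emergency
response plans for network security incidents and deal promptly with security risks such as
system vulnerabilities, computer viruses, network attacks and network intrusions, so as to
safeguard network security.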
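     (4) Electronic evidence and criminal justice
     1. States should enact or improve legislation to recognize the evidentiary capacity of
electronic evidence and to prescribe its definition, scope, means of collection, rules of
admission and so on. At the same time, they should take measures to strengthen
capacity-building for the collection of electronic evidence in cybercrime cases, develop
professional teams that combine legal competence with technical knowledge, and strengthen
experience-sharing and training cooperation in this area. The United Nations Office on Drugs
and Crime is encouraged to play a role in this field.
     2. When obtaining electronic evidence across borders, States should respect the
sovereignty of the State where the evidence is located, observe due process and respect the
legitimate rights of the individuals and entities concerned, and must not use intrusive or
destructive technical investigative means to obtain electronic evidence across borders.
     3. States are encouraged, in view of the needs of investigating cybercrime and obtaining
electronic evidence, to further streamline the channels for judicial assistance and law
enforcement cooperation through consultation on measures such as optimizing procedures.
States should consider including in the global convention on combating cybercrime generally
accepted provisions on obtaining electronic evidence located abroad, so as to provide uniform
and authoritative guidance for resolving the issue of cross-border access to electronic
evidence.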
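     (5) International cooperation
     1. States should actively engage in international criminal justice cooperation on
combating cybercrime, including extradition, assistance in investigation and
evidence-gathering, and preventing and combating the international transfer of illicit
proceeds.
     2. In establishing jurisdiction over cybercrime, States should respect the sovereignty of
other States and oppose excessive extraterritorial jurisdiction that lacks a genuine and
sufficient link to the crime. States are encouraged to strengthen communication and
consultation in order to resolve conflicts of jurisdiction.
     3. States should establish rapid liaison and response mechanisms and contact channels
for judicial assistance and law enforcement cooperation on cybercrime, and consider using
technical means such as electronic signatures and seals to enable the online exchange of legal
documents for cross-border evidence-gathering and of electronic evidence, thereby improving
the efficiency of international cooperation. For requests for assistance in investigation and
evidence-gathering that do not involve personal liberty or property rights, or that have little
impact on such rights, such as preserving electronic data or providing log information, the
requested State should provide assistance to the greatest extent possible, provided that doing
so does not contravene its law.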

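     (6) Prevention
     1. States should take “prevention first, with equal emphasis on combating and
prevention” as the basic principle for combating cybercrime, and should formulate targeted
crime prevention measures in light of the new characteristics of cybercrime.
     2. States should clearly stipulate in legislation the obligations of network service
providers to prevent cybercrime, in particular obligations such as security risk early warning
and emergency response to security incidents. Network service providers should be required,
as soon as they discover that their services are being used to commit cybercrime, to
immediately take emergency measures such as blocking the dissemination of criminal
information, shutting down phishing and other websites involved in the case, and closing the
domain names involved.
     3. States should establish an international mechanism for sharing cyber threat
information, so that new threat technologies and modi operandi are shared promptly and
studied jointly.
     4. Technical assistance and training for developing countries should be strengthened to
enhance their capacity to prevent cybercrime.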
Comments by the People’s Republic of China for
       the Seventh Meeting of the Open-Ended Intergovernmental
                         Expert Group on Cybercrime

     I. General Comments

     China supports and welcomes the discussion of substantive issues of
cybercrime by the Expert Group according to its work-plan for the period of
2018-2021. The preliminary conclusions and recommendations, compiled
by the Secretariat based on discussions during the fourth to sixth meetings of
the Expert Group, fully reflect the suggestions and experiences of Member
States in preventing and combating cybercrime, on the basis of different
national situations, various legal systems and diverse cultural backgrounds.
These recommendations could promote exchange of information, sharing of
best practices and international cooperation on combating cybercrime.

     Due to the modality of the seventh meeting and travel restrictions, it
would be extremely difficult for the Expert Group to have in-depth
discussion of all the preliminary conclusions and recommendations, not to
mention their adoption. Bearing in mind the challenging situation, it would
be advisable for Member States to lower their expectations for the outcome
of the seventh meeting of the Expert Group. If a consolidated list of
conclusions and recommendations could not be agreed, Member States may
consider submitting the compiled preliminary conclusions and
recommendations in their entirety to CCPCJ as the outcome of the Expert
Group. We believe that the preliminary conclusions and recommendations
could also provide valuable reference to CCPCJ as well as Member States.

     The 74th General Assembly adopted Resolution 74/247, which
mandates the establishment of an open-ended ad hoc intergovernmental
committee of experts to elaborate a comprehensive international convention
on countering cybercrime. It provides a valuable opportunity for States to
facilitate international cooperation and build a global network on combating
cybercrime. States should support and actively participate in this process to
negotiate a global convention on countering cybercrime under the auspices
of the United Nations, adhering to universal participation, inclusiveness and
openness.

     With respect to the substantive issues of cybercrime, China wishes to
reiterate and emphasize its position as follows:

     1. Legislation and Frameworks

     (i) At the national level, bearing in mind the rapid development of
digital technologies and their exploitation by cybercrime perpetrators, States
should improve relevant policies and legislations to provide legal
framework for preventing and combating cybercrime.

     (ii) At the international level, the international community should
attach great importance to the common challenges of cybercrime and actively
engage in international cooperation on combating cybercrime. States
should make good use of the existing multilateral and bilateral cooperation
mechanisms and regional platforms for combating cybercrime, and work
together to support the UN Ad Hoc Committee to launch substantive
negotiations at an earlier date, so as to provide a global legal framework for
combating cybercrime.

     2. Criminalization

     (i) States should strengthen cooperation on criminalization of core
cybercrime activities. States may include crimes that are of wide concern
and consensus into the scope of international cooperation, and extend this
scope continuously according to practice. For those cybercrimes on which States
cannot reach consensus, assistance could be provided on the basis of
general principles of international judicial cooperation.

     (ii) Catering to the trend of current cybercrime, States should expand
the scope of criminalization. States may criminalize conduct
including using the internet for terrorism, gambling, fraud, trafficking of
firearms, and child pornography, providing technical support or aid for
cybercrime, and setting up illegal internet platforms for criminal purposes. In
addition, using the internet to incite hate crimes, including inciting violence
and hatred among different national groups, abetting and enticing others for
serious violent crime, fabricating and spreading disinformation, and other
activities jeopardizing public security and social order, should also be
criminalized.

     3. Law Enforcement and Investigation

     (i) States should strengthen investigation and law enforcement actions
against acts of aiding and preparation of cybercrime, so as to effectively
